aborts if one of specified users is visible via other authentication provider #21
Description
scenario
- we have one host which is attached to AD.
- users mary and kitty are visible from AD.
- user joy is not in AD and should be locally created.
- the playbook as entries fro mary, kitty and joy, listing the basic info and
problem
the module looks for directory based users in /etc/passwd and thus gets a bit confused.
it aborts mid-run.
- it should probably use getent passwd username for those (but not without giving a username, since there might be 1000s of directory based users)
- it might still try to change those users if the AD GECOS field doesn't match whats specified for the role. makes sense.
- it will currently not manage to add the ssh keys etc. for user joy.
- it will report no changes (everything is already deployed)
it seems to me that 3) should still be working.
use cases
a setup like this can be considered a "recommended practice":
- you will likely have AD-based auth for devs and end users of a system
- you will likely have local accounts for the ops staff since they should be able to log on if there's a directory issue.
footnote
yes, if i specific different user lists for the AD-based and not AD-based systems i will avoid this. unless i'd still like to use the role to deploy their keys. and i'm not sure if it should not be able to complete for user "joy"